Did The Kavanaugh Hearings Distract You From Facebook’s Scary Hack?

While we were all glued to the Kavanaugh Senate Hearings on Friday, September 28, Facebook announced that 50M user accounts had been hacked. Right now, it’s not clear who was behind the attack, but even stranger is that we also don’t know who exactly has been affected by the security breach. As of 1:00PM ET on Monday, Facebook’s stock had dropped yet again (-.20%), which means 2018 might be shaping up to be a “bad hair day” for the social media giant.

What Happened?

Facebook engineers discovered something was wrong after they noticed an unusual traffic spike. An investigation into this heightened activity led engineers to discover that cyber attackers had found a loophole in the “View As” function of a user’s Facebook account—a function that allows users to see their own account as others see it.

Facebook’s VP of Product Management, Guy Rosen, explained more in a recent blog post: “This allowed them (attackers) to steal Facebook access tokens, which they could then use to take over people’s accounts.” Access tokens are the equivalent of digital keys that keep people logged into Facebook, so they conveniently don’t need to re-enter their password every time they use the app.

The social network said a change in Facebook’s code in July 2017 introduced this vulnerability, which the company spotted being exploited for the first time on September 16, 2018. “The vulnerability that we fixed was the result of three distinct bugs and was introduced in July 2017 when we created a certain new video uploader,” Rosen said.

Have we become too comfortable?

Some would say big internet giants like Google and Facebook do not care enough about your privacy. With security breaches looming left and right, just like the one that took place Friday, users cannot be too careful—and they definitely cannot trust that everything is as safe as it should be. In fact, researchers recently found that the phone number people provide when setting up two-factor authentication (2FA) and login alerts on Facebook is not only being used for security—it is also being used by advertisers to target ads.

As reported by Gizmodo, Facebook users who want to add an extra layer of security to their accounts are also sacrificing their privacy when they use their phone number to set up 2FA to receive an SMS login code. The same goes for people who provide a phone number for Facebook login alerts, which notify users via a supplied email or contact number when a new device logs into an account.

Facebook is not the only internet giant to use your personal information and browsing history to target you with ads. At a U.S. congressional hearing in April, CEO Mark Zuckerberg pledged to protect user data above all else and invest more resources in security. And Google is also under scrutiny for some of the same security and privacy concerns. In a recent episode of 60 Minutes, the news outlet reported Google’s Chief Privacy Officer, Keith Enright, was on Capitol Hill on September 26 to discuss the company’s usage of consumers’ personal data. Though Enright admitted Google has made mistakes in the past, he says they are working to prevent them in the future.

Tips for Keeping Your Facebook Account Secure

When it comes to protecting your PII (Personally Identifiable Information) on the web, there are no guarantees anymore; however, there are some safeguards that the pros recommend. Here are just a few to remember:

Enable Login Notification so that whenever anybody, such as a hacker, tries to log in with your user ID and password, you receive a notification on your cell phone. That tells you it is time to change your password right away, because the hacker has your password and is trying to log in to your Facebook account. To enable login notification: Go to Home -> Account Settings -> Security -> Login Notification. Put a check mark on your preferred option and click the Save Changes button.

Always check your Active Sessions. If you notice any unfamiliar location or device, it means your Facebook Account is at risk. Just click on End Activity and don’t forget to change your password after that. To check active sessions: Go to Home -> Account Settings -> Security -> Active Sessions.

Enable Secure Browsing to make your account more secure. To set up secure browsing: Go to Home -> Account Settings -> Security -> Secure Browsing.
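
To make the "access tokens are digital keys" point and the Active Sessions tip concrete, here is an added sketch (not Facebook's code and not part of the original article) of a token-based session store: a token is accepted from whoever presents it, and ending a session is what makes its token stop working. The class, function names and sample devices are all hypothetical.

```python
import hashlib
import secrets
from dataclasses import dataclass

@dataclass
class Session:
    session_id: int
    user: str
    device: str
    location: str

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

class SessionStore:
    # Hypothetical in-memory store; not Facebook's implementation.
    def __init__(self):
        self._by_hash = {}   # token hash -> Session (raw tokens are never stored)
        self._next_id = 1

    def login(self, user, device, location):
        # The password check (omitted) happens once; afterwards the token stands in for it.
        token = secrets.token_urlsafe(32)
        self._by_hash[_digest(token)] = Session(self._next_id, user, device, location)
        self._next_id += 1
        return token

    def authenticate(self, token):
        # Bearer semantics: whoever presents a valid token is treated as the user.
        session = self._by_hash.get(_digest(token))
        return session.user if session else None

    def unfamiliar(self, user, known):
        # known: (device, location) pairs the account owner recognises
        return [s for s in self._by_hash.values()
                if s.user == user and (s.device, s.location) not in known]

    def end_session(self, session_id):
        # "End Activity": the token tied to this session stops working.
        self._by_hash = {h: s for h, s in self._by_hash.items()
                         if s.session_id != session_id}

def demo():
    store = SessionStore()
    mine = store.login("alice", "Phone", "Boston")           # constructed sample data
    other = store.login("alice", "Unknown PC", "Elsewhere")  # constructed sample data
    flagged = store.unfamiliar("alice", {("Phone", "Boston")})
    for s in flagged:
        store.end_session(s.session_id)
    return [s.device for s in flagged], store.authenticate(mine), store.authenticate(other)
```

In this model the unfamiliar session's token is rejected only after `end_session` runs, while the owner's own session keeps working.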

U.S.-based enterprise technology leader and brand strategist, with a passion for helping global organizations crystallize their vision, gain alignment, and develop marketing communications programs that work. Expertise includes Adtech, AI, Fintech, SaaS, Security and Open Source Software. She holds a BA in Psychology and Organizational Development from Sonoma State University.


The materials on this website may not be modified, distributed, posted or transmitted without the prior written consent of Hacker Combat LLC. 1997-2018 All rights reserved.
